CVE-2025-69653

Medium CVSS: 6.5

A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT) during garbage collection and causes a denial-of-service.

Vendor

Product

CWE

CWE-617

Yayın Tarihi

2026-03-06 19:16:11

Güncelleme

2026-03-12 19:16:15

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-617 MEDIUM 2026

Referanslar

https://github.com/bellard/quickjs/issues/467 https://github.com/bellard/quickjs/issues/467